From: Andreas Gustafsson
Newsgroups: gmane.emacs.bugs
Subject: bug#22790: 24.5; Infinite loop involving malloc called from signal handler
Date: Mon, 29 Feb 2016 16:44:30 +0200
Message-ID: <22228.22862.708667.152490@guava.gson.org>
References: <83povmgfnn.fsf@gnu.org>
To: 22790@debbugs.gnu.org

The lockup happened again.  There's still a SIGINT handler involved,
but at least there is only one of them this time and not two recursive
ones.

The full backtrace and some additional gdb output are included below,
but I would think this two-line excerpt should be sufficient to
identify the bug (or at least _a_ bug, if there is more than one):

  #9 0x00007f7ff60cc266 in printf () from /usr/lib/libc.so.12
  #10 0x00000000004db715 in handle_interrupt (in_signal_handler=true) at keyboard.c:10364

That is, printf() is not a signal safe function, so emacs is invoking
undefined behavior by calling it from a signal handler.

> In any case, when this happens next, please use the procedure
> described in etc/DEBUG for locating the place where Emacs loops, and
> post that information.

As you can see from the gdb transcript below, the "step" function
didn't work, but "stepi" shows it looping within libpthread.

> Backtraces generated from an infloop
> interrupted in a random place tend to be random and don't provide
> enough information for finding out the reasons for the loop.

Even if you consider the backtrace to be suspect, code inspection
should suffice to show that the line

  printf ("Auto-save? (y or n) ");

in src/keyboard.c can be executed from a signal handler.
--
Andreas Gustafsson, gson@gson.org

(gdb) where
#0 0x00007f7ff6c083e2 in ?? () from /usr/lib/libpthread.so.1
#1 0x00007f7ff6c08445 in ?? () from /usr/lib/libpthread.so.1
#2 0x00007f7ff6c08848 in ?? () from /usr/lib/libpthread.so.1
#3 0x00000000005c5486 in _malloc_internal (size=65536) at gmalloc.c:929
#4 0x00000000005c54fc in malloc (size=65536) at gmalloc.c:953
#5 0x00007f7ff60ed28c in __smakebuf () from /usr/lib/libc.so.12
#6 0x00007f7ff60ed125 in __swsetup () from /usr/lib/libc.so.12
#7 0x00007f7ff60cde92 in __vfprintf_unlocked () from /usr/lib/libc.so.12
#8 0x00007f7ff60d1258 in vfprintf () from /usr/lib/libc.so.12
#9 0x00007f7ff60cc266 in printf () from /usr/lib/libc.so.12
#10 0x00000000004db715 in handle_interrupt (in_signal_handler=true) at keyboard.c:10364
#11 0x00000000004db63e in handle_interrupt_signal (sig=2) at keyboard.c:10288
#12 0x00000000004e8b63 in deliver_process_signal (sig=2, handler=0x4db5f1 ) at sysdep.c:1570
#13 0x00000000004db65a in deliver_interrupt_signal (sig=2) at keyboard.c:10295
#14
#15 0x00007f7ff6c083e2 in ?? () from /usr/lib/libpthread.so.1
#16 0x00007f7ff6c08445 in ?? () from /usr/lib/libpthread.so.1
#17 0x00007f7ff6c08848 in ?? () from /usr/lib/libpthread.so.1
#18 0x00000000005c5486 in _malloc_internal (size=1000) at gmalloc.c:929
#19 0x00000000005c54fc in malloc (size=1000) at gmalloc.c:953
#20 0x0000000000534f0d in xmalloc (size=1000) at alloc.c:677
#21 0x000000000057968f in Fprinc (object=8564569, printcharfun=11946034) at print.c:656
#22 0x000000000057a544 in print_error_message (data=41076294, stream=11944965, context=0x0, caller=11946034) at print.c:919
#23 0x000000000057a238 in Ferror_message_string (obj=41076294) at print.c:844
#24 0x000000000050e40e in auto_save_error (error_val=41076294) at fileio.c:5425
#25 0x000000000055787a in internal_condition_case (bfun=0x50e477 , handlers=11946082, hfun=0x50e3bf ) at eval.c:1345
#26 0x000000000050eb76 in Fdo_auto_save (no_message=11946082, current_only=11946034) at fileio.c:5672
#27 0x00000000004cde3c in read_char (commandflag=1, map=41075894, prev_event=11946034, used_mouse_menu=0x7f7fffff9c0f, end_time=0x0) at keyboard.c:2751
#28 0x00000000004d932a in read_key_sequence (keybuf=0x7f7fffff9df0, bufsize=30, prompt=11946034, dont_downcase_last=false, can_return_switch_frame=true, fix_current_buffer=true, prevent_redisplay=false) at keyboard.c:9089
#29 0x00000000004cb5b0 in command_loop_1 () at keyboard.c:1453
#30 0x0000000000557882 in internal_condition_case (bfun=0x4cb1f1 , handlers=12016002, hfun=0x4cab3b ) at eval.c:1348
#31 0x00000000004caf5d in command_loop_2 (ignore=11946034) at keyboard.c:1178
#32 0x00000000005570b5 in internal_catch (tag=12108690, func=0x4caf37 , arg=11946034) at eval.c:1112
#33 0x00000000004caec0 in command_loop () at keyboard.c:1149
#34 0x00000000004ca737 in recursive_edit_1 () at keyboard.c:778
#35 0x00000000005017dd in read_minibuf (map=40555366, initial=37407873, prompt=18302785, expflag=false, histvar=12034962, histpos=0, defalt=11946034, allow_props=false, inherit_input_method=false) at minibuf.c:674
#36 0x0000000000501ffd in Fread_from_minibuffer (prompt=18302785, initial_contents=37407873, keymap=40555366, read=11946034, hist=12034962, default_value=11946034, inherit_input_method=11946034) at minibuf.c:957
#37 0x000000000055ab18 in Ffuncall (nargs=8, args=0x7f7fffffa398) at eval.c:2837
#38 0x0000000000599506 in exec_byte_code (bytestr=9425233, vector=9425269, maxdepth=72, args_template=8200, nargs=8, args=0x7f7fffffa918) at bytecode.c:916
#39 0x000000000055b0c7 in funcall_lambda (fun=9425189, nargs=8, arg_vector=0x7f7fffffa8d8) at eval.c:2978
#40 0x000000000055abb1 in Ffuncall (nargs=9, args=0x7f7fffffa8d0) at eval.c:2860
#41 0x0000000000503624 in Fcompleting_read (prompt=18302785, collection=12147074, predicate=12031842, require_match=11946034, initial_input=37407873, hist=12034962, def=11946034, inherit_input_method=11946034) at minibuf.c:1674
#42 0x000000000055ab77 in Ffuncall (nargs=8, args=0x7f7fffffaa70) at eval.c:2844
#43 0x0000000000599506 in exec_byte_code (bytestr=9416857, vector=9416893, maxdepth=92, args_template=6148, nargs=6, args=0x7f7fffffaff0) at bytecode.c:916
#44 0x000000000055b0c7 in funcall_lambda (fun=9416813, nargs=6, arg_vector=0x7f7fffffafc0) at eval.c:2978
#45 0x000000000055abb1 in Ffuncall (nargs=7, args=0x7f7fffffafb8) at eval.c:2860
#46 0x0000000000599506 in exec_byte_code (bytestr=9416657, vector=9416693, maxdepth=52, args_template=6148, nargs=6, args=0x7f7fffffb4f0) at bytecode.c:916
#47 0x000000000055b0c7 in funcall_lambda (fun=9416613, nargs=6, arg_vector=0x7f7fffffb4c0) at eval.c:2978
#48 0x000000000055abb1 in Ffuncall (nargs=7, args=0x7f7fffffb4b8) at eval.c:2860
#49 0x0000000000599506 in exec_byte_code (bytestr=13771137, vector=15498901, maxdepth=28, args_template=11946034, nargs=0, args=0x0) at bytecode.c:916
#50 0x000000000059899d in Fbyte_code (bytestr=13771137, vector=15498901, maxdepth=28) at bytecode.c:482
#51 0x00000000005595a6 in eval_sub (form=13294870) at eval.c:2187
#52 0x000000000055771f in internal_lisp_condition_case (var=11946034, bodyform=13294870, handlers=13294294) at eval.c:1317
#53 0x000000000059a671 in exec_byte_code (bytestr=13770785, vector=15499053, maxdepth=12, args_template=11946034, nargs=0, args=0x0) at bytecode.c:1162
#54 0x000000000055b3c0 in funcall_lambda (fun=15499117, nargs=6, arg_vector=0xec7f2d) at eval.c:3044
#55 0x000000000055abb1 in Ffuncall (nargs=7, args=0x7f7fffffbff8) at eval.c:2860
#56 0x0000000000599506 in exec_byte_code (bytestr=13774209, vector=15563853, maxdepth=28, args_template=11946034, nargs=0, args=0x0) at bytecode.c:916
#57 0x000000000055b3c0 in funcall_lambda (fun=15499165, nargs=3, arg_vector=0xed7c4d) at eval.c:3044
#58 0x000000000055aea5 in apply_lambda (fun=15499165, args=19767910, count=13) at eval.c:2919
#59 0x0000000000559777 in eval_sub (form=19767894) at eval.c:2226
#60 0x0000000000555e28 in Fprogn (body=19767958) at eval.c:462
#61 0x0000000000555dcd in Fcond (args=19767974) at eval.c:440
#62 0x0000000000559273 in eval_sub (form=19767382) at eval.c:2131
#63 0x0000000000555e28 in Fprogn (body=19767990) at eval.c:462
#64 0x0000000000556d09 in Flet (args=19767366) at eval.c:970
#65 0x0000000000559273 in eval_sub (form=19770054) at eval.c:2131
#66 0x0000000000555e28 in Fprogn (body=19768006) at eval.c:462
#67 0x0000000000556d09 in Flet (args=19770006) at eval.c:970
#68 0x0000000000559273 in eval_sub (form=19769894) at eval.c:2131
#69 0x000000000055939f in eval_sub (form=19769878) at eval.c:2147
#70 0x0000000000558dac in Feval (form=19769878, lexical=11946034) at eval.c:1996
#71 0x0000000000553732 in Fcall_interactively (function=18304242, record_flag=11946034, keys=11998845) at callint.c:345
#72 0x000000000055aa05 in Ffuncall (nargs=4, args=0x7f7fffffd248) at eval.c:2818
#73 0x0000000000599506 in exec_byte_code (bytestr=9460233, vector=9460269, maxdepth=52, args_template=4100, nargs=1, args=0x7f7fffffd760) at bytecode.c:916
#74 0x000000000055b0c7 in funcall_lambda (fun=9460189, nargs=1, arg_vector=0x7f7fffffd758) at eval.c:2978
#75 0x000000000055abb1 in Ffuncall (nargs=2, args=0x7f7fffffd750) at eval.c:2860
#76 0x000000000055a35f in call1 (fn=12009122, arg1=18304242) at eval.c:2610
#77 0x00000000004cb8a9 in command_loop_1 () at keyboard.c:1560
#78 0x0000000000557882 in internal_condition_case (bfun=0x4cb1f1 , handlers=12016002, hfun=0x4cab3b ) at eval.c:1348
#79 0x00000000004caf5d in command_loop_2 (ignore=11946034) at keyboard.c:1178
#80 0x00000000005570b5 in internal_catch (tag=12008098, func=0x4caf37 , arg=11946034) at eval.c:1112
#81 0x00000000004caf0f in command_loop () at keyboard.c:1157
#82 0x00000000004ca737 in recursive_edit_1 () at keyboard.c:778
#83 0x00000000004ca8a4 in Frecursive_edit () at keyboard.c:849
#84 0x00000000004c8aa4 in main (argc=4, argv=0x7f7fffffdb90) at emacs.c:1642
(gdb) step
Cannot find bounds of current function
(gdb) define s
Type commands for definition of "s".
End with a line saying just "end".
>stepi
>x/i $pc
>end
(gdb) s
0x00007f7ff6c08445 in ?? () from /usr/lib/libpthread.so.1
=> 0x7f7ff6c08445: sub $0x1,%ebp
(gdb)
0x00007f7ff6c08448 in ?? () from /usr/lib/libpthread.so.1
=> 0x7f7ff6c08448: jne 0x7f7ff6c08440
(gdb)
0x00007f7ff6c08440 in ?? () from /usr/lib/libpthread.so.1
=> 0x7f7ff6c08440: callq 0x7f7ff6c083e0
(gdb)
0x00007f7ff6c083e0 in ?? () from /usr/lib/libpthread.so.1
=> 0x7f7ff6c083e0: pause
(gdb)
0x00007f7ff6c083e2 in ?? () from /usr/lib/libpthread.so.1
=> 0x7f7ff6c083e2: retq
(gdb)
0x00007f7ff6c08445 in ?? () from /usr/lib/libpthread.so.1
=> 0x7f7ff6c08445: sub $0x1,%ebp
(gdb)
0x00007f7ff6c08448 in ?? () from /usr/lib/libpthread.so.1
=> 0x7f7ff6c08448: jne 0x7f7ff6c08440
(gdb)
0x00007f7ff6c08440 in ?? () from /usr/lib/libpthread.so.1
=> 0x7f7ff6c08440: callq 0x7f7ff6c083e0
(gdb)
0x00007f7ff6c083e0 in ?? () from /usr/lib/libpthread.so.1
=> 0x7f7ff6c083e0: pause
(gdb)
0x00007f7ff6c083e2 in ?? () from /usr/lib/libpthread.so.1
=> 0x7f7ff6c083e2: retq
(gdb)
0x00007f7ff6c08445 in ?? () from /usr/lib/libpthread.so.1
=> 0x7f7ff6c08445: sub $0x1,%ebp
(gdb) info threads
  Id   Target Id   Frame
* 1    LWP 1       0x00007f7ff6c08445 in ?? () from /usr/lib/libpthread.so.1
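
The pattern that avoids the re-entrancy seen in frames #3 to #19 of the backtrace, as an added example that is not part of the original message and is not Emacs code: the handler only sets a flag and calls write(2), and the prompt is printed later from the main loop, where stdio and malloc() are safe. The names `interrupt_pending`, `on_sigint`, `install_sigint_handler` and `service_interrupt` are hypothetical, and `raise(SIGINT)` is a constructed stand-in for the user's interrupt.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Added example, not Emacs code; every name below is hypothetical. */
static volatile sig_atomic_t interrupt_pending;  /* handler's only state */

/* Async-signal-safe handler: set the flag, write(2) a fixed string,
   preserve errno. No stdio, hence no malloc() behind it. */
static void on_sigint(int sig)
{
    static const char note[] = "\n[interrupt received]\n";
    int saved_errno = errno;

    (void)sig;
    interrupt_pending = 1;
    if (write(STDERR_FILENO, note, sizeof note - 1) < 0) { /* ignored */ }
    errno = saved_errno;
}

/* Install the handler; returns 0 on success. */
static int install_sigint_handler(void)
{
    struct sigaction sa;

    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_sigint;
    sigemptyset(&sa.sa_mask);
    return sigaction(SIGINT, &sa, NULL);
}

/* Main-loop side, outside signal context, where printf() is safe.
   Returns 1 if an interrupt was pending and is now serviced, else 0. */
static int service_interrupt(void)
{
    if (!interrupt_pending) return 0;
    interrupt_pending = 0;
    printf("Auto-save? (y or n) ");     /* the prompt from the report */
    fflush(stdout);
    return 1;
}

int main(void)
{
    if (install_sigint_handler() != 0) return 1;
    raise(SIGINT);      /* constructed stand-in for an interactive C-c */
    return service_interrupt() ? 0 : 1;
}
```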